Malware campaign impersonates VC firm looking to buy sites

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
Content source
https://www.bleepingcomputer.com/news/security/malware-campaign-impersonates-vc-firm-looking-to-buy-sites/
BleepingComputer was recently contacted by an alleged "venture capitalist" firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices.

Last week, BleepingComputer received an email to our contact form from an IP address belonging to a United Kingdom virtual server company.
This email pretended to be from a venture capitalist interested in investing or buying BleepingComputer, with the whole email listed below.
"Hello, we are a group of venture capitalists investing in promising projects.
We saw your website and were astounded by your product. We want to discuss the opportunity to invest or buy a part of the share in your project. Please get in touch with us by phone or in Vuxner chat.
Your agent is Philip Bennett. His username in Vuxner is philipbennett Make sure you contact us ASAP because we are not usually so generous with our offers. Thank you in advance!"
Click to expand...
Click to expand...
Cluster25 researchers explain in a report coordinated with BleepingComputer that the Vuxner[.]com is hosted behind Cloudflare, however they could still determine hosting server's actual address at 86.104.15[.]123.

The researchers state that the Vuxner Chat program is being used as a decoy for installing a remote desktop software known as RuRAT, which is used as a remote access trojan.
"Infection chain for this campaign can be divide in a fist stage phase, where the decoy URL drops and installs a Software called “Trillian” and the second one where the installer drops a legitimate Remote Desktop Software known as RuRAT used for malicious purposes," the Cluster25 researchers explain.
Click to expand...
www.bleepingcomputer.com

Malware campaign impersonates VC firm looking to buy sites

BleepingComputer was recently contacted by an alleged "venture capitalist" firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Venustus, Gandalf_The_Grey, Andy Ful and 4 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Malware News New RustDoor macOS malware impersonates Visual Studio update
Replies
0
Views
826
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Massive phishing campaign uses 6,000 sites to impersonate 100 brands
Replies
4
Views
1,046
News Archive
Jonny Quest
Jonny Quest
vtqhtr413
    • Like
Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
Replies
0
Views
1,128
News Archive
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top